Blockchain Transactions Affirm Suspicious Levels of RaaS Interconnectedness

John Murphy  Feb 22, 2021 16:23  UTC 08:23


During the COVID-19 outbreak, the shift to remote work has exposed organizations to ransomware in new ways. Ransomware strikes at the heart of an organization's operations, and businesses face extensive losses both during and after an attack.

Ransomware attacks grew by almost 900% during the first half of 2020, and 72% of that growth is attributed to the coronavirus pandemic. Ransomware was evolving long before the pandemic, however: attacks had already grown by 200% over the previous two years.

Ransomware attacks are expected to become more sophisticated, more expensive, and more frequent over time. Given these figures, businesses should take concrete steps to manage ransomware risk.

Let's look at the connections between four prominent ransomware strains that blockchain analysis has revealed.

Blockchain Transactions Depict Collaboration Between The 4 Biggest Ransomware Strains

A report recently published by Chainalysis backs up these theories with evidence that cannot be forged or disputed: the record of Bitcoin transactions left behind on the public ledger by some of these groups. One caveat a practitioner should keep in mind is that the ledger only proves that coins moved between addresses; linking an address to a particular strain or cash-out service depends on off-chain attribution and clustering heuristics, which is why the report is careful about what it claims with certainty.

"A prominent connection was observed among four of 2020's most prominent ransomware strains: Maze, Egregor, SunCrypt, and DoppelPaymer, thanks to blockchain analysis."

These four strains were highly active during the pandemic and hit some of the largest organizations attacked in 2020, including LG, Pemex, Barnes & Noble, and University Hospital New Jersey. All four use the double extortion strategy (encrypting data and threatening to leak it) and the ransomware-as-a-service (RaaS) model. In the RaaS model, affiliates carry out the attacks themselves and pay a commission on each victim payment back to the strain's administrators and creators.

Some cybersecurity researchers have observed that Egregor and Maze are linked in some way. It is not only Egregor: BleepingComputer reported that, shortly before Maze's shutdown announcement, SunCrypt representatives contacted them claiming to be part of the "Maze ransomware cartel". Maze, however, denied this.

It cannot be claimed with certainty that these four strains share the same administrators, but it can be concluded with reasonable confidence that some of their affiliates overlap. Maze and Egregor also rely on the same over-the-counter (OTC) brokers to convert cryptocurrency into cash, although they interact with those brokers in different ways. Shared cash-out infrastructure is a weaker signal than a shared operator, but it is exactly the kind of overlap that a takedown can exploit.
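The kind of on-chain reasoning the report describes can be illustrated with a small forward-tracing routine. The following is an added example, not Chainalysis code and not taken from the report: it uses a constructed toy ledger with hypothetical address labels (no real Bitcoin addresses or real attribution data), traces funds forward from each strain's known ransom addresses, and reports which cash-out services more than one strain reaches. The inflow figures use a deliberately simplified attribution that credits every deposit from a reached address to the strain that reached it; real investigations use proportional (FIFO or haircut) taint rules instead.

```python
from collections import defaultdict, deque

# Constructed toy ledger: (sender, receiver, btc). Every label here is
# hypothetical; none is a real Bitcoin address or a real attribution.
TXS = [
    ("maze_ransom_1", "hop_a", 10.0),
    ("maze_ransom_2", "hop_a", 4.0),
    ("hop_a", "otc_broker_X_deposit", 14.0),
    ("egregor_ransom_1", "hop_b", 6.0),
    ("hop_b", "otc_broker_X_deposit", 3.0),
    ("hop_b", "mixer_M", 3.0),
    ("suncrypt_ransom_1", "hop_c", 2.0),
    ("hop_c", "otc_broker_Y_deposit", 2.0),
    ("doppel_ransom_1", "hop_d", 8.0),
    ("hop_d", "otc_broker_Y_deposit", 5.0),
    ("hop_d", "otc_broker_X_deposit", 3.0),
]

# Seed addresses attributed to each strain (hypothetical). In practice these
# come from ransom notes, victim payments and address clustering.
SEEDS = {
    "Maze": {"maze_ransom_1", "maze_ransom_2"},
    "Egregor": {"egregor_ransom_1"},
    "SunCrypt": {"suncrypt_ransom_1"},
    "DoppelPaymer": {"doppel_ransom_1"},
}

# Deposit addresses already attributed to cash-out services (hypothetical).
SERVICES = {
    "otc_broker_X_deposit": "OTC X",
    "otc_broker_Y_deposit": "OTC Y",
    "mixer_M": "Mixer M",
}


def build_graph(txs):
    """Adjacency list: sender -> [(receiver, btc), ...]."""
    graph = defaultdict(list)
    for sender, receiver, amount in txs:
        graph[sender].append((receiver, amount))
    return graph


def trace_forward(graph, seeds, max_hops=4):
    """BFS forward from the seed addresses; returns {address: hop_count}."""
    seen = {addr: 0 for addr in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if seen[addr] >= max_hops:
            continue  # stop expanding beyond the hop budget
        for nxt, _ in graph.get(addr, []):
            if nxt not in seen:
                seen[nxt] = seen[addr] + 1
                queue.append(nxt)
    return seen


def analyze(txs=TXS, seed_map=SEEDS, services=SERVICES, max_hops=4):
    """Return (services reached per strain, services shared by >1 strain,
    simplified BTC inflow per strain per service)."""
    graph = build_graph(txs)
    per_strain = {}
    inflow = {}
    for strain, seeds in seed_map.items():
        reached = trace_forward(graph, seeds, max_hops)
        per_strain[strain] = {services[a] for a in reached if a in services}
        # Simplified attribution: every deposit made by a reached address into
        # a service is credited to this strain (over-counts commingled funds).
        totals = defaultdict(float)
        for addr in reached:
            for nxt, amount in graph.get(addr, []):
                if nxt in services:
                    totals[services[nxt]] += amount
        inflow[strain] = dict(totals)
    by_service = defaultdict(set)
    for strain, svcs in per_strain.items():
        for svc in svcs:
            by_service[svc].add(strain)
    shared = {svc: strains for svc, strains in by_service.items() if len(strains) > 1}
    return per_strain, shared, inflow


if __name__ == "__main__":
    per_strain, shared, inflow = analyze()
    for svc, strains in sorted(shared.items()):
        print(f"{svc} is used by: {', '.join(sorted(strains))}")
    for strain, totals in inflow.items():
        print(strain, totals)
```

In this toy ledger the routine reports that OTC X receives funds traced from Maze, Egregor and DoppelPaymer, and OTC Y from SunCrypt and DoppelPaymer, while the mixer is reached by Egregor alone and is therefore not a shared chokepoint. The shared-services table is the output an investigator would prioritize: one enforcement action against OTC X touches three strains at once.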

The Interconnected Landscape Is Actually a Great Sign

These overlaps and connections between four prominent cybercrime groups are good news for law enforcement. As Chainalysis puts it:

"Given the number of unique ransomware strains currently operating, the collected pieces of evidence depict that the ransomware world is smaller than one might think at first."

Because a well-placed disruption can hit several RaaS operators and affiliate groups at the same time, this finding should shape how ransomware crackdowns are planned. RaaS operators and their affiliates typically rely on OTC brokers and money-laundering services to turn extorted cryptocurrency into spendable currency. That conversion is where the real-world profit is realized; cut off the cash-out channels, and operators have little reason to keep going when the work no longer pays.

Tips To Approach And Avoid Crypto-Ransomware

Ransomware attacks continue to wreck businesses worldwide, and organizations must significantly improve their cybersecurity measures to cope with crypto-ransomware.

The following tips help manage ransomware risk effectively.

  • Provide employees with comprehensive training on ransomware, online threats and phishing schemes, and on how to respond to them. Raising employee awareness is one of the most effective ways to deter ransomware attacks.

  • Identify a credible, experienced partner in advance to help with any cyber ransom settlement, should one become necessary. Choose wisely: the decision to pay carries legal and sanctions risk, so the provider should be selected and engaged before an incident, not during one.

  • Maintain a strong, reliable and transparent relationship with the financial institutions that handle cryptocurrency on your behalf. A settlement partner should have a long track record of exhaustively documenting every cryptocurrency transaction.

  • Ensure that any partner has a substantial anti-money-laundering background and a stringent compliance program aligned with the relevant regulators and guidelines, including the Bank Secrecy Act (BSA), anti-money-laundering (AML) rules, Office of Foreign Assets Control (OFAC) sanctions and applicable state regulations.

  • Improve the ability to rapidly identify and detect criminal activity. Executives should also share threat data with authorities and industry peers to enrich actionable intelligence and drive security improvements across industries.

  • Establish formal, rehearsed procedures so that the staff responsible for high-priority security incidents can coordinate the organization's response to a ransomware attack and restore services, keeping employees and customers informed throughout.

Beware, Ransomware Will Continue To Get Worse

Unfortunately, ransomware attacks are likely to keep growing rapidly in 2021 and beyond. Advances in artificial intelligence and machine learning will make the coming years especially challenging, particularly for companies expanding their use of cloud computing. At the same time, regulators and law enforcement are adopting stronger cybersecurity measures to fight fraud and illicit money transfers.

Whatever the exact nature of these connections, the evidence in the report suggests that, given the number of unique strains currently operating, the ransomware world is smaller than one might think. This is a force multiplier for law enforcement: if investigators can identify and act against groups controlling multiple ransomware strains, or against the OTC brokers that let multiple strains cash out their earnings, a single action can disrupt or halt the operations of several strains at once.

Businesses and financial institutions should act now: engage incident responders and cybersecurity firms, and adopt proactive security measures for a safer future.
